Slashdot Mirror


Google Starts Upgrading Its SSL Certificates To 2048-bit Keys

An anonymous reader writes "Google today announced it has already started upgrading all of its SSL certificates to 2048-bit keys. The goal is to beef up the encryption on the connections made to its services. Google says the upgrade, which includes the root certificate that the company uses to sign all of its SSL certificates, will be completed 'in the next few months.' Previously, however, Google was more specific and said it was aiming to finish the process by the end of 2013."

118 comments

  1. Completely useless... by Anonymous Coward · · Score: 3, Informative

    If the NSA has the master key...

    1. Re:Completely useless... by telchine · · Score: 4, Funny

      It's called private key, you cretin. Now, go smoke some weed and don't bother the grown-ups will you?

      Let me draw you a picture...

      Me <---- (SSL) ----> Google ---- (SSL) ----> NSA

    2. Re:Completely useless... by noh8rz10 · · Score: 1

      It's called private key, you cretin. Now, go smoke some weed and don't bother the grown-ups will you?

      Let me draw you a picture...

      Me <---- (SSL) ----> Google ---- (SSL) ----> NSA

      I thought it was
      Me NSA Google. isn't that why they call it MITM?

    3. Re:Completely useless... by Jeremiah+Cornelius · · Score: 1

      That means the envelope Google sends to the NSA will be twice as heavy. ;-)

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    4. Re:Completely useless... by Anonymous Coward · · Score: 1

      Right... because Google signs their own certs and you magically make your browser trust them too.

      Why don't you do some reading:

      http://www-01.ibm.com/software/webservers/httpservers/doc/v2047/manual/ibm/en_US/9atssl.htm

      and let intelligent people talk.

    5. Re:Completely useless... by Anonymous Coward · · Score: 2, Informative

      Actually...

      Me ----> (SSL) ----> Verisign ----> NSA ----> (SSL) ----> Google

    6. Re:Completely useless... by Penguinisto · · Score: 2

      Me NSA Google. isn't that why they call it MITM?

      Actually, it's AITM, or Agency In The Middle.

      But overall, the whole thread represents the wrong approach: If it's the SSL keys in TFA that are being borkified for NSA access, then the NSA would have to stick something between you and Google (and would have to host the SSL key itself, as well as the domain name), so you would be correct if that were the case.

      However? Not really sure that Google would want anyone else controlling their domain name/LBs/firewalls/etc, especially when it's easier for some governmental agency (e.g. the NSA) to simply latch onto Google's DB clusters. That way there's no need to compromise any keys.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    7. Re:Completely useless... by DarkOx · · Score: 1

      Normally the PKI on certificates is just used for authentication, and then encrypting the exchange of the symmetric key; symmetric key encryption is used to transfer the actual documents. My guess would be those companies collaborating with NSA on snooping have a server side SSL library that shares the negotiated symmetric keys with the NSA and after the connections are set up simply duplicates all the packets; which the NSA can now decrypt the payloads of.

      I doubt the NSA is actually MITM.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    8. Re:Completely useless... by Anonymous Coward · · Score: 0

      ever consider that there are other threats to your data besides the NSA?

    9. Re:Completely useless... by Anonymous Coward · · Score: 0

      You're a fuckin moron cretin.

    10. Re:Completely useless... by Anonymous Coward · · Score: 1

      In practice most SSL sessions use the public/private key pairs to generate the session key in a rather trivial manner. That means if you know the server's private key, you can derive the session key after the fact.

      What you're thinking of is a property called "perfect forward secrecy". Unfortunately, in reality the negotiated parameters of real-world SSL sessions rarely have the property of forward secrecy. Because of the way SSL has evolved, and because of bugs discovered over the years, and for other various reasons, to get forward secrecy you need both ends to support TLS 1.2.

    11. Re:Completely useless... by ls671 · · Score: 1

      Verisign or any other signing authority doesn't have Google's private key nor anybody else's private key for that matter.

      --
      Everything I write is lies, read between the lines.
    12. Re:Completely useless... by yuriyg · · Score: 1

      Yes, but they [might] have Verisign's private key. They can then be the man-in-the-middle of an SSL connection.

    13. Re:Completely useless... by noh8rz10 · · Score: 5, Insightful

      I love how this is an article about how goog is increasing security, yet 95% of the posts are about NSA snooping. This is the flip side of the PRISM stuff - a company will never be able to prove that NSA is NOT snooping. Once the public loses faith, it will be really hard for a company to regain it. maybe this has already happened...

    14. Re:Completely useless... by noh8rz10 · · Score: 1

      of course, to be fair, there actually is some value to what goog is doing. even though NSA can snoop at their leisure, I still want to block my CC from (private) criminals. ditto, identity thieves. so maybe 2056 is good for that?

    15. Re:Completely useless... by ls671 · · Score: 1

      Don't forget the symmetric key may change several times in the course of a TLS session. It is called renegotiation. It was made to make things more secure than a single symmetric key but funnily enough, it got exploited...

      https://tools.ietf.org/html/rfc5746

      http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

      http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION

      http://tools.ietf.org/html/rfc5746

      --
      Everything I write is lies, read between the lines.
    16. Re:Completely useless... by Anonymous Coward · · Score: 0

      Sure, but almost none of them are as dangerous.

    17. Re:Completely useless... by Anonymous Coward · · Score: 0

      If the NSA has the master key...

      Except that Google is the only major Internet company that uses ephemeral DH, which provides forward security. Of course they could save all the EDH session keys and pass them along as well, but if you believe that you should just stop talking to Google altogether (and perhaps worrying about your precious bodily fluids).

    18. Re:Completely useless... by ls671 · · Score: 1

      Well, I wouldn't use fake certs, it seems like a nice way to leave traces and evidence. There must be a better way but this is just my MHO.

      --
      Everything I write is lies, read between the lines.
    19. Re:Completely useless... by Anonymous Coward · · Score: 0

      Modern browsers hitting Google via HTTPS these days do negotiate TLS 1.2 and ECDHE_RSA, which does provide perfect forward secrecy.

    20. Re:Completely useless... by ttucker · · Score: 1

      Verisign or any other signing authority doesn't have Google's private key nor anybody else's private key for that matter.

      They do have the ability to provide a second key for a common name that end users will trust, allowing a man in the middle attack. Having the CA private key would allow someone to do this at their leisure.

    21. Re:Completely useless... by AHuxley · · Score: 1, Interesting

      It's like an East German border guard getting the cash for a motorcycle.
      The nice story about working hard and helping find contraband....
      i.e. nobody in the West is going to let an East German forget about what happens on the Wall.
      We now all know the truth about the US brands and their legal positions wrt your plaintext.

      --
      Domestic spying is now "Benign Information Gathering"
    22. Re:Completely useless... by Anonymous Coward · · Score: 0

      It's called private key, you cretin. Now, go smoke some weed and don't bother the grown-ups will you?

      You don't often see an Anonymous Coward that makes all the other Anonymous Cowards look smart by comparison. Nice job, AC. Thanks!

    23. Re:Completely useless... by Anonymous Coward · · Score: 1

      I'm going to be an iconoclast here. If the NSA had a root key, I would actually go as far as to trust it. So far, except for one assclown that had access to too much, the NSA hasn't had any real failures (unlike Diginotar or other CAs), nor hacks (like Comodo.)

      I'd trust the NSA's root key in an instant, provided they actually had a standard for vetting that was above and beyond "click this checkbox to swear that you are whom you claim to be", or paying a bit more for a special root key that gives your website a green bar (EV key.)

      Posting AC, just because the NSA/NIST has done lots -for- my security (SELinux, very well-written documents about major operating systems and hypervisors with suggested security additions/modifications.) While others whine about the NSA, I'm glad that their controls and such have reduced the attack surface of my stuff, and where I work. A lot of it is common sense, but it is good to have around anyway.

    24. Re:Completely useless... by DigiShaman · · Score: 1

      Just make a law demanding that all apps and devices be PRISM compliant and be done with it. Software developers will also undergo PRISM training and recertification each year. Devices will also have the PRISM logo etched on the back of the unit... etc. I say we go for broke on tyranny. This pussyfooting around the issue is just fucking insulting being that most people in Amerika actually are in favor of this activity. Not me, but let's be clear here shall we?!

      --
      Life is not for the lazy.
    25. Re:Completely useless... by kamapuaa · · Score: 1

      I have no idea what you're trying to say.

      --
      Slashdot: providing anti-social weirdos a soapbox, since 1997.
    26. Re:Completely useless... by gmack · · Score: 1

      Actually that won't work since Google is enabling forward secrecy. Knowing the key will not be enough. The NSA would need to have an actual proxy server between you and Google to monitor the traffic.

    27. Re:Completely useless... by Ash+Vince · · Score: 2

      I love how this is an article about how goog is increasing security, yet 95% of the posts are about NSA snooping. This is the flip side of the PRISM stuff - a company will never be able to prove that NSA is NOT snooping. Once the public loses faith, it will be really hard for a company to regain it. maybe this has already happened...

      Why should the company have to regain any trust anyway? The fact is the US government is currently mandating that they do all of this crap and issuing them with gag orders so Google can't tell anyone.

      The only way Google can get out of this is relocate their HQ to Russia, exactly where the Brin family escaped from. Even if they did this it would probably be no better as Putin is not exactly Mr Privacy.

      The truth is that companies cannot do a damn thing providing Congress and the Supreme Court keep saying this stuff is all fine and dandy. The US military and spy agencies call the shots since 9/11. Sometimes I often wonder if they just sat back and watched it happen knowing it would strengthen their hand for decades.

      --
      I dont read /. to RTFA, I read /. to offend people in ignorance.
    28. Re:Completely useless... by Merk42 · · Score: 1

      Even if that happened, there would be devices/software that didn't have the PRISM logo and people would still think they were being spied on (even if they weren't).

    29. Re:Completely useless... by WOOFYGOOFY · · Score: 1

      beat me to it. .. and gives the keys to the NSA...film at 11

    30. Re:Completely useless... by noh8rz10 · · Score: 1

      Why should the company have to regain any trust anyway?

      it needs to regain my trust because currently I don't trust it to keep my data confidential. instead of "teh cloudz" I'll use desktop services where I own my data. because I don't trust goog.

    31. Re:Completely useless... by Anonymous Coward · · Score: 0

      Every government in the world that has a Mozilla-trusted CA in their jurisdiction can spoof any SSL traffic without being easily noticed. I have no reason to believe they aren't doing that. Obviously, they must be using that power very sparingly because they could get caught by some security activist and make their prime targets more cautious.

    32. Re:Completely useless... by Anonymous Coward · · Score: 0

      And this is how the world ends. Not with a bang, but with thunderous applause from statists and other types of scum.

    33. Re:Completely useless... by Ash+Vince · · Score: 1

      Why should the company have to regain any trust anyway?

      it needs to regain my trust because currently I don't trust it to keep my data confidential. instead of "teh cloudz" I'll use desktop services where I own my data. because I don't trust goog.

      Do you trust anyone else not to share your data with the NSA? If you do I have a bridge to sell you.

      --
      I dont read /. to RTFA, I read /. to offend people in ignorance.
    34. Re:Completely useless... by noh8rz10 · · Score: 1

      Do you trust anyone else not to share your data with the NSA? If you do I have a bridge to sell you.

      Not gonna lie, I wrote a pretty strident diatribe about how I'm cutting myself out of their loops, but I'm deleting it because I'm sure NSA is reading this thread. even if I post AC they would connect it with my account. I'm not going to do anything out of the ordinary so all my data will be available through existing channels: goog, MS, apple, verizon. also, why is it so cold in here? oh yeah, because of the chilling effect to the first amendment.

    35. Re:Completely useless... by Anonymous Coward · · Score: 0

      Agreed. If I'm authenticating my bank, the NSA would be a great root.

      If I was running IT for a presidential challenger, maybe not.

  2. A refreshing mug of ice cold frost pist. by Anonymous Coward · · Score: 0

    Is Google doing this because they have a D-Wave quantum annealing computer and figured out how to bust the smaller size SSL certs with it?

    1. Re:A refreshing mug of ice cold frost pist. by TechyImmigrant · · Score: 1

      D wave doesn't appear to do factoring.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  3. Older PCs by MightyMait · · Score: 3, Insightful

    I wonder how this'll affect older PCs? Aren't SSL communications with larger keys more processor-intensive than when using a smaller key?

    --
    Nothing interesting to say...MUST...NOT...REPLY...ohtheheckwithit.
    1. Re:Older PCs by Anonymous Coward · · Score: 3, Funny

      If you really worry about SSL key lengths affecting your system performance, you probably should buy a new one.

    2. Re:Older PCs by tlhIngan · · Score: 5, Informative

      I wonder how this'll affect older PCs? Aren't SSL communications with larger keys more processor-intensive than when using a smaller key?

      Hardly anything, actually. The actual amount of encryption and decryption done using the RSA2048 key is quite small - really only about 128 to 256 bits or so.

      Public key encryption is horrendously slow, too slow for modern usage, so what happens is the bulk encryption is done via a symmetric cipher, typically AES these days (previously it was 3DES or DES). Of course, for symmetric ciphers to work, you need to share a key. So what happens is the client generates a key for AES, encrypts it with the RSA2048 public key, and sends it to the server. The server decrypts the key using its RSA2048 private key and then communications take place via AES and that shared key.

      The change from RSA1024 to RSA2048 should have minimal impact since it's only done on session setup while the actual communications use the far faster and more secure AES algorithm.

      (Yes, public key encryption is weaker - you need more bits for the key to have the same level of protection as a symmetric cipher using way less bits.)
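Added example (not part of any comment in this thread): a toy Python model of the RSA key transport described in the comment above, set beside the ephemeral Diffie-Hellman exchange that other commenters raise, showing which recorded session a later leak of the server's private key exposes. The small Mersenne-prime parameters, the SHA-256 `kdf` and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy parameters constructed for this example. They are far too small for
# real use and only keep the arithmetic readable.
RSA_P = 2**61 - 1                 # Mersenne prime
RSA_Q = 2**89 - 1                 # Mersenne prime
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # server's long-term private key

DH_P = 2**127 - 1                 # Mersenne prime used as the DH modulus
DH_G = 3


def kdf(secret: int) -> bytes:
    """Derive a session key from a shared secret (stand-in for the TLS PRF)."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def digest_int(value: int) -> int:
    """Hash an integer into the RSA modulus range for the toy signature."""
    h = hashlib.sha256(value.to_bytes(32, "big")).digest()
    return int.from_bytes(h, "big") % RSA_N


def rsa_key_transport():
    """Client encrypts a random premaster secret to the server's RSA key."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    ciphertext = pow(premaster, RSA_E, RSA_N)       # sent on the wire
    assert pow(ciphertext, RSA_D, RSA_N) == premaster  # server decrypts it
    transcript = {"kx": "RSA", "encrypted_premaster": ciphertext}
    return kdf(premaster), transcript


def ephemeral_dh():
    """Both sides use throwaway DH secrets; RSA only signs the server share."""
    a = secrets.randbelow(DH_P - 3) + 2             # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2             # server ephemeral secret
    share_a = pow(DH_G, a, DH_P)                    # sent on the wire
    share_b = pow(DH_G, b, DH_P)                    # sent on the wire
    signature = pow(digest_int(share_b), RSA_D, RSA_N)       # server signs
    assert pow(signature, RSA_E, RSA_N) == digest_int(share_b)  # client checks
    client_key = kdf(pow(share_b, a, DH_P))
    server_key = kdf(pow(share_a, b, DH_P))
    assert client_key == server_key
    transcript = {"kx": "DHE", "client_share": share_a,
                  "server_share": share_b, "signature": signature}
    # a and b go out of scope here: neither side stores them.
    return client_key, transcript


def recover_with_leaked_key(transcript, leaked_d):
    """What a recorded transcript yields once the long-term RSA key leaks."""
    if transcript["kx"] == "RSA":
        premaster = pow(transcript["encrypted_premaster"], leaked_d, RSA_N)
        return kdf(premaster)
    # DHE: the RSA key only ever touched the signature over the public server
    # share, so the transcript holds nothing the leaked key can decrypt.
    return None


def demo():
    rsa_key, rsa_transcript = rsa_key_transport()
    dhe_key, dhe_transcript = ephemeral_dh()
    return {
        "rsa_recovered": recover_with_leaked_key(rsa_transcript, RSA_D) == rsa_key,
        "dhe_recovered": recover_with_leaked_key(dhe_transcript, RSA_D) == dhe_key,
    }


if __name__ == "__main__":
    print(demo())
```

The leaked key still allows impersonating the server on new connections, which is the active proxy case mentioned elsewhere in the thread; what ephemeral key exchange removes is decryption of traffic that was only recorded.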

    3. Re:Older PCs by Anonymous Coward · · Score: 0

      It will be negligible from your end but a bigger deal for google who has to deal with millions of users.

      I am not an expert but as I understand it - the key/algorithm (asymmetric, slow) they are talking about in the summary is only used to verify that google is who they say they are when trying to create an encrypted connection. If verified the established connection uses a different key/algorithm (symmetric, fast) for actual communication. The symmetric key/algorithm depends on the capabilities of your client and the host you are connecting to.

    4. Re:Older PCs by MightyMait · · Score: 1

      Thanks for the informative reply. That makes sense!

      --
      Nothing interesting to say...MUST...NOT...REPLY...ohtheheckwithit.
    5. Re:Older PCs by WaffleMonster · · Score: 1

      I wonder how this'll affect older PCs? Aren't SSL communications with larger keys more processor-intensive than when using a smaller key?

      It is just in initial RSA operations and does not affect the cost to encrypt underlying data itself. Most everyone else had already upgraded to 2048 years ago.

    6. Re:Older PCs by Anonymous Coward · · Score: 0

      I've done some tests with mobile phones, about 5 years ago. I think among the most "modern" device tested back then was a Nokia N95, no iPhone 3G back then. With the rough measurements we performed, we couldn't find any difference between 1024, 2048 and 4096 bit keys, even when using WLAN instead of 3G.

    7. Re:Older PCs by Anonymous Coward · · Score: 0, Informative

      Public key encryption is horrendously slow, too slow for modern usage, so what happens is the bulk encryption is done via a symmetric cipher, typically AES these days (previously it was 3DES or DES).

      No, no, no!

      Public key encryption relies on an asymmetric cipher. These ciphers are only good for *1* block size!! So if you are using a 2048 bit asymmetric cipher, you can only encrypt 2048 bits. That's ALL! 256 bytes. They are only used for exchange of symmetric keys and for authentication (like HMAC hashes). One key is used for encryption and another for decryption. This is why you cannot chain them like symmetric. So 1 block in size, tops.

      Symmetric keys are then used as stream ciphers. These are 128 bit or 256 bit long. They use things like CBC (Cipher Block Chaining) so one block's output is used as hashing function for next blocks input, along with the secret symmetric key. Same key is used for encryption as decryption.

      Public key crypto is for key exchange and authentication. Symmetric crypto is used for actual encryption. They are complementary, *not* in competition with each other.

    8. Re:Older PCs by Anonymous Coward · · Score: 0

      Wrong.

      You talk about symmetric ciphers being used as stream ciphers, but immediately cite them being used in CBC mode which is for _block ciphers_.

      The set of symmetric ciphers encompasses both, but block ciphers and stream ciphers have different modes of operation.

  4. Why is this news? by silviuc · · Score: 1

    Try to buy an SSL certificate with 1024 bit keys. I dare you. Double dare you. Yeah, you won't be able to.

    What will be news is the myriad of devices that have crappy firmware which relies on the old keys for all the wrong reasons.

    1. Re:Why is this news? by xatr0z · · Score: 2

      Yes, but unlike almost all other certificates and big websites Google uses elliptic curve Diffie-Hellman, which means something like every user having their own key. That key also changes every day. So after breaking one they would only be able to intercept traffic from that user for 1 day.

      So google's certificates give much more security than other ones, even if they use 4096 bit keys.

    2. Re:Why is this news? by Anonymous Coward · · Score: 0

      One acronym that summarizes the parent post: PFS.

    3. Re:Why is this news? by Carewolf · · Score: 0

      Yes, but unlike almost all other certificates and big websites Google uses elliptic curve Diffie-Hellman

      I can't tell if you are making up ironic bullshit or being informative. Maybe using cute names in IT wasn't that good an idea anyway. But I guess if it was a joke there would have been at least 5 non sequitur names after each other to describe a security term and not only four.

    4. Re:Why is this news? by sFurbo · · Score: 1

      How else would you describe applying the Diffie Hellman* key exchange method to elliptic curve** cryptography? As opposed to marketing terms, scientific jargon is a way to describe the properties of what is being described, not a way to make it sound sexy.

      *Named after the people who invented it the second time, as is traditional with cryptographic algorithms.
      **The name came because a certain class of integrals arose in connection with the problem of giving the arc length of an ellipse.

  5. Key size not the flaw... by sabt-pestnu · · Score: 4, Insightful

    The largest risk isn't during transmission, it is at the user's end... and Google's end. 2 million bit encryption wouldn't be enough if you had a keylogger, or if google got served a National Security Letter that it decided to honor.

    1. Re:Key size not the flaw... by gl4ss · · Score: 1

      The largest risk isn't during transmission, it is at the user's end... and Google's end. 2 million bit encryption wouldn't be enough if you had a keylogger, or if google got served a National Security Letter that it decided to honor.

      well they figured out that if they lock the root in a safe that can be only opened by putting in 100000 100 dollar bills they can write another bill to NSA for retrieving it for them, as logistical cost of accessing the key.

      --
      world was created 5 seconds before this post as it is.
    2. Re:Key size not the flaw... by Synerg1y · · Score: 1

      It can frustrate 3rd world oppressive governments with sniffing capabilities (there's a few), that's about it.

    3. Re:Key size not the flaw... by tlhIngan · · Score: 1

      The largest risk isn't during transmission, it is at the user's end... and Google's end. 2 million bit encryption wouldn't be enough if you had a keylogger, or if google got served a National Security Letter that it decided to honor.

      Hush now, the NSA wants you to believe that they capture data in flight, therefore you are more protected using bigger keys.

      More bits is always better and more unbreakable! Google's working hard to protect your privacy!

    4. Re:Key size not the flaw... by swillden · · Score: 1

      The largest risk isn't during transmission, it is at the user's end... and Google's end. 2 million bit encryption wouldn't be enough if you had a keylogger, or if google got served a National Security Letter that it decided to honor.

      Yeah, but the NIST recommendations suggest that 1024-bit keys aren't adequate any more, so it's just good security hygiene to upgrade, even if they're not actually the current weak point, which I agree is almost certainly at the user's end.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    5. Re:Key size not the flaw... by swillden · · Score: 2

      The root key is in an HSM, and can't be extracted. I think I can say that without compromising anything confidential.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Key size not the flaw... by Lincolnshire+Poacher · · Score: 1

      The root key is in an HSM, and can't be extracted.

      For disaster recovery purposes it must also exist elsewhere.

    7. Re:Key size not the flaw... by gmueckl · · Score: 1

      A key that is only used for communication and never for storage does not need to be recoverable, does it?

      --
      http://www.moonlight3d.eu/
    8. Re:Key size not the flaw... by Pinky's+Brain · · Score: 1

      With physical access and knowledge of the hardware sure it's extractable ... this is assuming there's no backdoor in the HSM, always a large assumption.

    9. Re:Key size not the flaw... by swillden · · Score: 1

      The root key is in an HSM, and can't be extracted.

      For disaster recovery purposes it must also exist elsewhere.

      Other HSMs. There is a secure mechanism for syncing keys between devices that ensures that it is still impossible to ever extract them in cleartext. All major HSM devices can do this.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    10. Re:Key size not the flaw... by swillden · · Score: 1

      With physical access and knowledge of the hardware sure it's extractable

      With good tamper-reactive hardware? Well... in theory, sure, anything is possible. In practice, good luck getting in without triggering the tamper response, which zeros the master key. Note that freezing attacks don't work, because getting the device outside of a certain temperature range triggers the tamper response, as does physical penetration, exposure to radiation, improper input voltage or loss of battery power or... good FIPS 140-2 level 4 hardware is very touchy.

      ... this is assuming there's no backdoor in the HSM, always a large assumption.

      Actually, I worked a bit on the IBM 4758 and know a bunch of the people involved throughout its design and development, and I'd say it's extremely unlikely that there's a back door. There's a published paper on the 4758 design (Google it); go read that and then come back and we'll talk. I can tell you about all of the code control and layered reviews at every point in the design, implementation and testing process. It would be fantastically hard to sneak a back door in through that.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  6. So ECC missed the boat by TechyImmigrant · · Score: 1

    I think the people who wield the root certs were hoping that ECC would come around before they had to switch to 2048, but it didn't. The crushing effect of Certicom's obvious patents and the lateness of the NSA's RFC6090 meant that RSA won again.

    I don't see anything improving on the ECC front. All the structural problems remain. We'll be messing with 4096 RSA before long and your smart cards will all have to be replaced.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    1. Re:So ECC missed the boat by cryptizard · · Score: 1

      What structural problems?

    2. Re:So ECC missed the boat by TechyImmigrant · · Score: 2

      1) Over conservative corporate lawyers who think ECC is a no-go land
      2) Fear, uncertainty and doubt about whether Certicom will come after you with their lawyers
      3) Suspicion by tin foil hat bearers that the NSA are promoting elliptic curve algorithms (in RFC6090) they know how to break
      4) Engineers who don't know how to avoid stepping on patented parts of elliptic curve cryptography implementations.
      5) Obsolete operating systems that don't understand ECC certs
      6) Anything else I haven't thought of

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  7. WTF? by bloodhawk · · Score: 1, Insightful

    How the fuck is "by the end of 2013" more specific than "in the next few months"? First is a 5 month range, the second "generally" refers to a 2-4 month range. At worst their timeline response hasn't changed.

    1. Re:WTF? by hawguy · · Score: 5, Insightful

      How the fuck is "by the end of 2013" more specific than "in the next few months"? First is a 5 month range, the second "generally" refers to a 2-4 month range. At worst their timeline response hasn't changed.

      "By the end of 2013" specifies an exact point in time at which the project will be done - Dec 31st, 2013, if they slip past that date, then they are late. However, "in the next few months" is very non specific, with no universally accepted definition of what it means and can depend on the range being considered -- If I have a big bag of M&M's and someone asks me for a "few", they'd probably be disappointed if I gave them 2 - 4. Since "few" is so non-specific, they could stretch it out to 5 months and still claim they are within a "few".

    2. Re:WTF? by Anonymous Coward · · Score: 0

      It may provide a definite endpoint, but it is definitely LESS specific in this example as it means anytime in the next 5 months. Whereas in the next few months in the vast majority of terms means at worst in the next 4 months and usually within the next 3.

    3. Re:WTF? by hawguy · · Score: 1

      It may provide a definite endpoint, but it is definitely LESS specific in this example as it means anytime in the next 5 months. Whereas in the next few months in the vast majority of terms means at worst in the next 4 months and usually within the next 3.

      Unless, by a "few" they meant 5 months. Or maybe 6.

      Anytime a project manager tells you "Oh, it'll be done within a few months", you know that he doesn't really know when it's going to be done and it probably means no one has it on their schedule, it might be done tomorrow or it might be done in 6 months. If he really had a good idea when it would be done, he would have told you.

    4. Re:WTF? by Anonymous Coward · · Score: 0

      At 5 it is STILL not less specific. As it is also an announcement it is also less likely to be just a project manager throwing out random time statements.

    5. Re:WTF? by twistedcubic · · Score: 1


      How the fuck is "by the end of 2013" more specific than "in the next few months"?

      Linus?

  8. Whats the point by Anonymous Coward · · Score: 0

    The bad guys will already have a decrypted copy of all our traffic handed to them anyway. It makes me wonder what the point of SSL is at all anyway; whose keys don't they have now? And given how information has been pouring out of these evil entities like a sieve recently, I have to assume that the SSL master keys were also leaked or published, just in a more quiet way.

  9. Placebo effect by Anonymous Coward · · Score: 0

    This won't do any good when the NSA has a copy of that root certificate.

    NSA Officials inside the Googleplex: Stand aside!

  10. Not really. by Anonymous Coward · · Score: 5, Informative

    The initial connection setup will be more processor intensive (4x?) but the actual communications isn't done with public/private key encryption. The public/private keys are only used to verify the identity of the server and to exchange a symmetric (AES128 often) key. After the setup, the rest of the transfer will be no more complex and so shouldn't load your PC any more than before.

    1. Re:Not really. by Anonymous Coward · · Score: 0

      ECC is faster and stronger.

    2. Re:Not really. by Anonymous Coward · · Score: 0

      Your mom is better in bed.

  11. Big deal. by magic+maverick+ · · Score: 3, Insightful

    I've been using 4096 bit keys for over two years. Now if only /. would get into the act (I don't want freaks and weirdos at wherever I use the 'net to know a. what stories I read. b. whether I'm logged in or not. c. if I'm logged in, what my user name and password are).

    Also, the moderators are all insufficiently like the "ideal" for their gender (whatever gender that is). E.g. the male identifying mods all have small penis'.

    --
    HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
    1. Re:Big deal. by Anonymous Coward · · Score: 0

      Also, the moderators are all insufficiently like the "ideal" for their gender (whatever gender that is). E.g. the male identifying mods all have small penis'.

      The female identifying mods all have small penises too!

    2. Re:Big deal. by Anonymous Coward · · Score: 0

      Also, the moderators are all insufficiently like the "ideal" for their gender (whatever gender that is). E.g. the male identifying mods all have small penis'.

      The female identifying mods all have small penises too!

      that's just pre-op.

    3. Re:Big deal. by slimjim8094 · · Score: 2

      Google uses ECDHE which makes their encryption dramatically more secure than the vast majority of others.

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    4. Re:Big deal. by Anonymous Coward · · Score: 0

      Nobody cares what slashdot stories you read, or about impersonating you. Take off your tinfoil beanie.

    5. Re:Big deal. by b4dc0d3r · · Score: 1

      E.g. the male identifying mods all have small penis'.

      Penises. They have small penises.

      I am obviously a grammar Nazi, with a large penis - not a mod with a small penis. Or giant clitoris, for that matter.

      Also, no one cares what you read - you're probably looking for the typos, logical fallacies, incomprehensible summaries, sensationalism, broken links, incomplete headlines, and overall mediocrity in order to make your average self feel above average.

      Oh wait, that's me. Based on your browsing history, you're kind of a freak.

    6. Re:Big deal. by magic+maverick+ · · Score: 0

      You're a stupid nazi. Like all nazis really. First, "penis ' " is perfectly acceptable in that context. The apostrophe (') indicates that a letter or letters have been left out. Like in words such as "don't" and "'ouse"; in the first an "o" is missing, in the second the "h". Often missing letters are used to indicate pronunciation (as in "don't"), even though strictly, you shouldn't write like that in formal documents (where grammar and spelling matter more).

      And I think you probably have a small penis anyway.

      Also, people might care about who I am, what I read, and what I post. E.g. the king of Thailand fucks rats, Putin (president of Russia) is a shithead with an overly large ego, and the president of this country (where I am) is a geriatric old man who should have been put down like a rabid dog years ago. I'm not too worried about being connected with those opinions, but in certain cases, it could be dangerous (e.g. if I were in Thailand and I could be connected with that comment).

      While I may not be important, there are others who also deserve /. having a secure access mode.

      --
      HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
  12. Re:and passing them to the NSA by bobbied · · Score: 1, Insightful

    Not really. There are good reasons to encrypt, you just have to understand them.

    The main thing you need to realize is that encrypting something only delays the disclosure of the data. It may take a LONG time to try all the available keys, but eventually a brute force attack will be successful. Of course, if it's going to average 100 years of effort, it may not be worth it to the attacker, or it may not matter what your bank account balance was by then.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  13. news for nerds by Anonymous Coward · · Score: 0

    stuff that matters

  14. 128 bit is enough by Anonymous Coward · · Score: 0

    I know 128 bit encryption is very robust...2048 too much...after all these are eyewash...if asked they will provide data to NSA anyway...

    1. Re:128 bit is enough by steveb3210 · · Score: 1

      You can't compare symmetric key lengths (based on AES) with RSA modulus sizes. An extra bit in a symmetric key gives you a lot more security than an extra bit in the RSA key.
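The comparison made in the comment above can be put into numbers. This is an added example, not part of the original thread: it uses the standard heuristic running time of the general number field sieve with the o(1) term dropped (an assumption, so the figures are rough estimates), and all function names are illustrative.

```python
import math

# GNFS heuristic cost: exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), c = (64/9)^(1/3).
# The o(1) term is dropped, so these are rough estimates, not exact levels.
GNFS_C = (64 / 9) ** (1 / 3)


def rsa_equivalent_bits(modulus_bits: int) -> float:
    """Approximate symmetric-key strength, in bits, of an RSA modulus."""
    ln_n = modulus_bits * math.log(2)
    work_nats = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_nats / math.log(2)  # natural-log units -> bits


def marginal_gain(modulus_bits: int, step: int = 1) -> float:
    """Strength gained by adding `step` bits to the RSA modulus.

    For a symmetric key the same figure is exactly `step`, because every
    extra key bit doubles the brute-force search space.
    """
    return rsa_equivalent_bits(modulus_bits + step) - rsa_equivalent_bits(modulus_bits)


def modulus_bits_for(target_bits: float) -> int:
    """Smallest modulus size (in steps of 256 bits) reaching the target."""
    size = 512
    while rsa_equivalent_bits(size) < target_bits:
        size += 256
    return size


def comparison_table(sizes=(512, 768, 1024, 2048, 4096)):
    """(modulus bits, estimated symmetric-equivalent bits) per size."""
    return [(size, round(rsa_equivalent_bits(size), 1)) for size in sizes]


if __name__ == "__main__":
    for size, bits in comparison_table():
        print(f"RSA-{size:<5} ~ {bits:6.1f} symmetric-equivalent bits")
    print(f"one extra modulus bit at 2048: +{marginal_gain(2048):.3f} bits")
    print(f"modulus needed for ~128-bit strength: {modulus_bits_for(128)} bits")
```

Doubling the modulus from 1024 to 2048 bits adds roughly 30 bits of estimated strength under this formula, whereas doubling a symmetric key from 128 to 256 bits adds 128.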

  15. Better solution by Anonymous Coward · · Score: 0

    Dump all known ciphers and add numerous zeros to that key.

  16. Doesn't need to... by Anonymous Coward · · Score: 1

    It does the lower bounds of a limit problem, so you can (sort of) figure out where you're looking for the values for the key, and then along with regular cpus/gpus only bruteforce it above that point/within that range.

    Taking a few factors off a crypto key's seed values can certainly make cracking the key/certificate easier to do.

    1. Re:Doesn't need to... by jkflying · · Score: 1

      Even if you can use the D-Wave to take off say 128 bits of uncertainty, that still leaves a pretty big problem in a 512 bit system, never mind a 1024 or 2084 bit system.

      --
      Help I am stuck in a signature factory!
    2. Re:Doesn't need to... by cryptizard · · Score: 1

      You have no idea what you're talking about. None of that makes any sense, or is remotely true.

    3. Re:Doesn't need to... by Anonymous Coward · · Score: 2, Interesting

      A 768-bit RSA key was factored in late 2009. 1024-bit should be trivial for the NSA, although not trivial in the sense that they don't need to be selective about their target.

      Just because there's no known algorithm to factor primes easily doesn't mean that there aren't practical optimizations to help improve performance. Most of the time when you hear that it takes "thousands of years" to factor a prime number, the speaker is only taking into consideration the most brain dead methods. Cryptographers are continually advancing the state-of-the-art. Clock-for-clock, we can factor primes much faster today than just a few years ago. And you can imagine that the NSA is probably far ahead of academia, if only because as an engineering problem they have vastly more experience in the domain. 10% here, 10% there, and before you know it you've improved runtime by 1x, 2x, 10x, etc.

    4. Re:Doesn't need to... by steveb3210 · · Score: 4, Funny

      Most of the time when you hear that it takes "thousands of years" to factor a prime number

      Really? I can factor most primes in my head.. Semiprimes would be a different story...

    5. Re:Doesn't need to... by Anonymous Coward · · Score: 0

      Factoring a prime is easy and trivial:

      assuming n is a prime number, and F(n) is the set of factors of n, then:

      F(n) = {1, n}

      I think what you meant was factoring semiprimes.

    6. Re:Doesn't need to... by Anonymous Coward · · Score: 0

      Must have been Bill Gates posting as Anonymous Coward...

  17. Stupid by Anonymous Coward · · Score: 0

    Once you cross a pretty low threshold it just isn't worth the time of the crackers anymore. They'll take another, easier attack vector. This is like the beefing up the Maginot Line.

    1. Re:Stupid by GameboyRMH · · Score: 1

      But when it's so easy and cheap, why not? They have to renew keys anyway...

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  18. 2048 bytes? Pure blinkered American-centric bias.. by Dogtanian · · Score: 3, Funny

    The Yanks are so used to accessing Google on their bloated 2K TS-1000s, that they seem to have forgotten that those of us with the original British 1K ZX81 won't be able to access their website securely any more.

    I bet those tossers are so spoiled they have blackjack and hookers, and 16K rampacks on their servers. Hope someone wobbles them (*) and they lose all their data. Gits.

    (*) The rampacks, I mean. I've no idea what wobbling a hooker would do to your data.

    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  19. Re:Hope and change the Obummer way! by Anonymous Coward · · Score: 0

    The terrorists are fucking assholes? But... but... I thought buttsecks was frowned upon in those parts of the world.

  20. more specific? by Cyko_01 · · Score: 1

    How is "by the end of 2013" more specific than "in the next few months"? Last time I checked, 2 or 3 months is more specific than 1-5 months.

  21. Yeah guys by Meshugga · · Score: 2

    until you disclose how much data *exactly* of how many users on average you're handing over to LEOs per request, I'ma not gonna trust you ever again.

  22. LEOs, that's a laugh by Anonymous Coward · · Score: 0

    As if enforcing the law is even their primary motive.

  23. Re:Hope and change the Obummer way! by Anonymous Coward · · Score: 0

    English grammar? Do you know it?

  24. Let me fix that for you... by Anonymous Coward · · Score: 0

    Outgoing Traffic:
    Me --> SSL --> Google --> (plaintext) --> NSA Data Center --> CIA Threat Analysis --> FBI Warrantless Investigations --> Hacker Criminal Complex

    Incoming Traffic:
    Me -- SSL -- Google

  25. Re:2048 bytes? Pure blinkered American-centric bia by Anonymous Coward · · Score: 0

    The Yanks are so used to accessing Google on their bloated 2K TS-1000s, that they seem to have forgotten that those of us with the original British 1K ZX81 won't be able to access their website securely any more.

    I bet those tossers are so spoiled they have blackjack and hookers, and 16K rampacks on their servers. Hope someone wobbles them (*) and they lose all their data. Gits.

    (*) The rampacks, I mean. I've no idea what wobbling a hooker would do to your data.

    If you glue the lot to a piece of MDF, that sorts it out. Rampack, that is. Hookers wobbling do funky things to your data; take £50 and go do some research!

  26. Re:Hope and change the Obummer way! by someSnarkyBastard · · Score: 1

    This are America so no.

  27. 2048 bit encryption. Nice, but... by Anonymous Coward · · Score: 0

    So, does the NSA get the master keys to this setup?

    1. Re:2048 bit encryption. Nice, but... by GameboyRMH · · Score: 1

      Don't know, but as I've said before, Google seems to have been doing things to make harder work for the NSA over the last few years. This would support the rumors of the NSA being able to efficiently brute-force some lower-length keys used in SSL.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  28. Few months not less specific by Anonymous Coward · · Score: 0

    A few months is not less specific than the end of the year. There are 5 months left in 2013, a few normally means around 3, they're actually saying that they're ahead of schedule.

  29. 2048 standard by rsgglobalsign · · Score: 1

    Google should have done this years ago! They have all the resources to have their own structure without having their security outsourced to a certification authority company like Symantec. They can even have it for free.

    --
    GMO Internet | GlobalSign Asia Pacific